From a7bd1c2ce54f992b77d2da0aee2ebeb940ce80c7 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Sun, 11 Oct 2020 15:58:12 -0400
Subject: [PATCH] Turn on SSL output
---
 .../pipelines/config/so/9000_output_zeek.conf.jinja | 4 ++++
 .../pipelines/config/so/9002_output_import.conf.jinja | 4 ++++
 .../pipelines/config/so/9004_output_flow.conf.jinja | 4 ++++
 .../pipelines/config/so/9033_output_snort.conf.jinja | 4 ++++
 .../pipelines/config/so/9034_output_syslog.conf.jinja | 4 ++++
 .../pipelines/config/so/9100_output_osquery.conf.jinja | 4 ++++
 .../pipelines/config/so/9200_output_firewall.conf.jinja | 4 ++++
 .../pipelines/config/so/9400_output_suricata.conf.jinja | 4 ++++
 .../pipelines/config/so/9500_output_beats.conf.jinja | 4 ++++
 .../pipelines/config/so/9600_output_ossec.conf.jinja | 4 ++++
 .../pipelines/config/so/9700_output_strelka.conf.jinja | 4 ++++
 salt/soc/init.sls | 8 +++++++-
 12 files changed, 51 insertions(+), 1 deletion(-)
diff --git a/salt/logstash/pipelines/config/so/9000_output_zeek.conf.jinja b/salt/logstash/pipelines/config/so/9000_output_zeek.conf.jinja
index 98a842b2d..dd5f267f0 100644
--- a/salt/logstash/pipelines/config/so/9000_output_zeek.conf.jinja
+++ b/salt/logstash/pipelines/config/so/9000_output_zeek.conf.jinja
@@ -13,6 +13,10 @@ output {
 template_name => "so-zeek"
 template => "/templates/so-zeek-template.json"
 template_overwrite => true
+ {%- if salt['pillar.get']('nodestab', {}) %}
+ ssl => true
+ ssl_verification => false
+ {%- endif %}
 }
 }
 }
diff --git a/salt/logstash/pipelines/config/so/9002_output_import.conf.jinja b/salt/logstash/pipelines/config/so/9002_output_import.conf.jinja
index 315c892e2..99d0362f5 100644
--- a/salt/logstash/pipelines/config/so/9002_output_import.conf.jinja
+++ b/salt/logstash/pipelines/config/so/9002_output_import.conf.jinja
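Review bot: `ssl_verification => false` in the added block turns certificate verification off, so the Logstash-to-Elasticsearch hop is encrypted but the peer is never authenticated — any host answering on that port with any certificate is accepted, which is precisely the case TLS is meant to catch on the multi-node deployments the `nodestab` condition selects. Prefer keeping verification on and pinning the deployment's own CA, e.g. `ssl => true`, `ssl_certificate_verification => true`, `cacert => "<PATH-TO-CA-PEM>"` (placeholder; use the CA file the manager already distributes to nodes). As far as I recall the elasticsearch output plugin's option is named `ssl_certificate_verification` rather than `ssl_verification`, and Logstash refuses to start the pipeline on an unknown setting, so please confirm the option name against the plugin version in use before merging. The identical block is added to 9002_output_import, 9004_output_flow, 9033_output_snort, 9034_output_syslog, 9100_output_osquery, 9200_output_firewall, 9400_output_suricata, 9500_output_beats, 9600_output_ossec and 9700_output_strelka; factoring it into one shared Jinja include would keep the eleven copies from drifting when the verification settings are tightened.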
@@ -13,6 +13,10 @@ output {
 template_name => "so-import"
 template => "/templates/so-import-template.json"
 template_overwrite => true
+ {%- if salt['pillar.get']('nodestab', {}) %}
+ ssl => true
+ ssl_verification => false
+ {%- endif %}
 }
 }
 }
diff --git a/salt/logstash/pipelines/config/so/9004_output_flow.conf.jinja b/salt/logstash/pipelines/config/so/9004_output_flow.conf.jinja
index 889a3567f..59543fd77 100644
--- a/salt/logstash/pipelines/config/so/9004_output_flow.conf.jinja
+++ b/salt/logstash/pipelines/config/so/9004_output_flow.conf.jinja
@@ -12,6 +12,10 @@ output {
 template_name => "so-flow"
 template => "/templates/so-flow-template.json"
 template_overwrite => true
+ {%- if salt['pillar.get']('nodestab', {}) %}
+ ssl => true
+ ssl_verification => false
+ {%- endif %}
 }
 }
 }
diff --git a/salt/logstash/pipelines/config/so/9033_output_snort.conf.jinja b/salt/logstash/pipelines/config/so/9033_output_snort.conf.jinja
index 96d2ae5ba..79266e3a9 100644
--- a/salt/logstash/pipelines/config/so/9033_output_snort.conf.jinja
+++ b/salt/logstash/pipelines/config/so/9033_output_snort.conf.jinja
@@ -12,6 +12,10 @@ output {
 template_name => "so-ids"
 template => "/templates/so-ids-template.json"
 template_overwrite => true
+ {%- if salt['pillar.get']('nodestab', {}) %}
+ ssl => true
+ ssl_verification => false
+ {%- endif %}
 }
 }
 }
diff --git a/salt/logstash/pipelines/config/so/9034_output_syslog.conf.jinja b/salt/logstash/pipelines/config/so/9034_output_syslog.conf.jinja
index ee5c57c5a..ea59bda5d 100644
--- a/salt/logstash/pipelines/config/so/9034_output_syslog.conf.jinja
+++ b/salt/logstash/pipelines/config/so/9034_output_syslog.conf.jinja
@@ -13,6 +13,10 @@ output {
 template_name => "so-syslog"
 template => "/templates/so-syslog-template.json"
 template_overwrite => true
+ {%- if salt['pillar.get']('nodestab', {}) %}
+ ssl => true
+ ssl_verification => false
+ {%- endif %}
 }
 }
 }
diff --git a/salt/logstash/pipelines/config/so/9100_output_osquery.conf.jinja b/salt/logstash/pipelines/config/so/9100_output_osquery.conf.jinja
index a9e5ac64d..a4eb3ce46 100644
--- a/salt/logstash/pipelines/config/so/9100_output_osquery.conf.jinja
+++ b/salt/logstash/pipelines/config/so/9100_output_osquery.conf.jinja
@@ -13,6 +13,10 @@ output {
 template_name => "so-osquery"
 template => "/templates/so-osquery-template.json"
 template_overwrite => true
+ {%- if salt['pillar.get']('nodestab', {}) %}
+ ssl => true
+ ssl_verification => false
+ {%- endif %}
 }
 }
 }
diff --git a/salt/logstash/pipelines/config/so/9200_output_firewall.conf.jinja b/salt/logstash/pipelines/config/so/9200_output_firewall.conf.jinja
index 3ad4a5722..c8f1b6724 100644
--- a/salt/logstash/pipelines/config/so/9200_output_firewall.conf.jinja
+++ b/salt/logstash/pipelines/config/so/9200_output_firewall.conf.jinja
@@ -12,6 +12,10 @@ output {
 template_name => "so-firewall"
 template => "/templates/so-firewall-template.json"
 template_overwrite => true
+ {%- if salt['pillar.get']('nodestab', {}) %}
+ ssl => true
+ ssl_verification => false
+ {%- endif %}
 }
 }
 }
diff --git a/salt/logstash/pipelines/config/so/9400_output_suricata.conf.jinja b/salt/logstash/pipelines/config/so/9400_output_suricata.conf.jinja
index e65952cca..cfcfd05ce 100644
--- a/salt/logstash/pipelines/config/so/9400_output_suricata.conf.jinja
+++ b/salt/logstash/pipelines/config/so/9400_output_suricata.conf.jinja
@@ -12,6 +12,10 @@ output {
 index => "so-ids-%{+YYYY.MM.dd}"
 template_name => "so-ids"
 template => "/templates/so-ids-template.json"
+ {%- if salt['pillar.get']('nodestab', {}) %}
+ ssl => true
+ ssl_verification => false
+ {%- endif %}
 }
 }
 }
diff --git a/salt/logstash/pipelines/config/so/9500_output_beats.conf.jinja b/salt/logstash/pipelines/config/so/9500_output_beats.conf.jinja
index 10700733e..ea5f48709 100644
--- a/salt/logstash/pipelines/config/so/9500_output_beats.conf.jinja
+++ b/salt/logstash/pipelines/config/so/9500_output_beats.conf.jinja
@@ -13,6 +13,10 @@ output {
 template_name => "so-beats"
 template => "/templates/so-beats-template.json"
 template_overwrite => true
+ {%- if salt['pillar.get']('nodestab', {}) %}
+ ssl => true
+ ssl_verification => false
+ {%- endif %}
 }
 }
 }
diff --git a/salt/logstash/pipelines/config/so/9600_output_ossec.conf.jinja b/salt/logstash/pipelines/config/so/9600_output_ossec.conf.jinja
index 7ebe6afbd..1eb3675aa 100644
--- a/salt/logstash/pipelines/config/so/9600_output_ossec.conf.jinja
+++ b/salt/logstash/pipelines/config/so/9600_output_ossec.conf.jinja
@@ -13,6 +13,10 @@ output {
 template_name => "so-ossec"
 template => "/templates/so-ossec-template.json"
 template_overwrite => true
+ {%- if salt['pillar.get']('nodestab', {}) %}
+ ssl => true
+ ssl_verification => false
+ {%- endif %}
 }
 }
 }
diff --git a/salt/logstash/pipelines/config/so/9700_output_strelka.conf.jinja b/salt/logstash/pipelines/config/so/9700_output_strelka.conf.jinja
index cdc340b39..b5ebcc42c 100644
--- a/salt/logstash/pipelines/config/so/9700_output_strelka.conf.jinja
+++ b/salt/logstash/pipelines/config/so/9700_output_strelka.conf.jinja
@@ -13,6 +13,10 @@ output {
 template_name => "so-strelka"
 template => "/templates/so-strelka-template.json"
 template_overwrite => true
+ {%- if salt['pillar.get']('nodestab', {}) %}
+ ssl => true
+ ssl_verification => false
+ {%- endif %}
 }
 }
 }
diff --git a/salt/soc/init.sls b/salt/soc/init.sls
index b76244d82..a4f99d92d 100644
--- a/salt/soc/init.sls
+++ b/salt/soc/init.sls
@@ -56,10 +56,16 @@ so-soc:
 - /opt/so/conf/soc/soc.json:/opt/sensoroni/sensoroni.json:ro
 - /opt/so/conf/soc/changes.json:/opt/sensoroni/html/changes.json:ro
 - /opt/so/log/soc/:/opt/sensoroni/logs/:rw
+ - extra_hosts:
+ {%- if salt['pillar.get']('nodestab', {}) %}
+ {%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %}
+ - {{ SN.split('_')|first }}:{{ SNDATA.ip }}
+ {%- endfor %}
+ {%- endif %}
 - port_bindings:
 - 0.0.0.0:9822:9822
 - watch:
- - file: /opt/so/conf/soc
+ - file: /opt/so/conf/soc/*
 
 # Add Kratos Group
 kratosgroup:
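Review bot: `- extra_hosts:` is emitted on the line before the `{%- if %}`, so a deployment without `nodestab` now renders an `extra_hosts` key with no value where the old state had none; moving that line inside the conditional keeps the rendered state byte-identical to the previous one when there are no remote nodes. `{{ SNDATA.ip }}` is rendered without a guard, so one pillar entry lacking `ip` either renders a bare `hostname:` or aborts rendering of the whole SOC container state rather than just that host entry — wrapping the item in `{%- if SNDATA.ip is defined %}` … `{%- endif %}`, or at least a comment stating that every nodestab entry must carry `ip`, makes that contract explicit. The `watch` change from `/opt/so/conf/soc` to `/opt/so/conf/soc/*` relies on requisite glob matching of state IDs; if the directory itself is still managed by a state whose ID is exactly `/opt/so/conf/soc`, that state no longer matches the glob and a change to it would stop restarting the container, which is worth confirming since the so-soc state begins above this hunk.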